File hauler.changes of Package hauler
-------------------------------------------------------------------
Thu May 1 16:34:57 UTC 2025 - Dirk Müller <dmueller@suse.com>
- update to 1.2.4 (CVE-2025-22872, bsc#1241804):
* Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules
group across 1 directory
* minor tests updates
-------------------------------------------------------------------
Mon Apr 28 09:58:05 UTC 2025 - Dirk Müller <dmueller@suse.com>
- Update to version 1.2.3:
* formatting and flag text updates
* add keyless signature verification (#434)
* bump helm.sh/helm/v3 in the go_modules group across 1 directory (#430)
* add --only flag to hauler store copy (for images) (#429)
* fix tlog verification error/warning output (#428)
-------------------------------------------------------------------
Tue Apr 15 08:10:25 UTC 2025 - dmueller@suse.com
- Update to version 1.2.2 (bsc#1241184, CVE-2024-0406):
* cleanup new tlog flag typos and add shorthand (#426)
* default public transparency log verification to false to be airgap friendly but allow override (#425)
* bump github.com/golang-jwt/jwt/v4 (#423)
* bump the go_modules group across 1 directory with 2 updates (#422)
* bump github.com/go-jose/go-jose/v3 (#417)
* bump github.com/go-jose/go-jose/v4 (#415)
* clear default manifest name if product flag used with sync (#412)
* updates for v1.2.0 (#408)
* fixed remote code (#407)
* added remote file fetch to load (#406)
* added remote and multiple file fetch to sync (#405)
* updated save flag and related logs (#404)
* updated load flag and related logs [breaking change] (#403)
* updated sync flag and related logs [breaking change] (#402)
* upgraded api update to v1/updated dependencies (#400)
* fixed consts for oci declarations (#398)
* fix for correctly grabbing platform post cosign 2.4 updates (#393)
* use cosign v2.4.1+carbide.2 to address containerd annotation in index.json (#390)
* Bump the go_modules group across 1 directory with 2 updates (#385)
* replace mholt/archiver with mholt/archives (#384)
* forked cosign bump to 2.4.1 and use as a library vs embedded binary (#383)
* cleaned up registry and improved logging (#378)
* Bump golang.org/x/crypto in the go_modules group across 1 directory (#377)
- drop
0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch
(upstream)
-------------------------------------------------------------------
Wed Jan 29 10:25:57 UTC 2025 - Dirk Müller <dmueller@suse.com>
- add 0001-Bump-the-go_modules-group-across-1-directory-with-2-.patch
to bump net/html dependencies (bsc#1235332, CVE-2024-45338)
-------------------------------------------------------------------
Mon Jan 27 19:30:58 UTC 2025 - dmueller@suse.com
- Update to version 1.1.1:
* fixed cli desc for store env var (#374)
* updated versions for go/k8s/helm (#373)
* updated version flag to internal/flags (#369)
* renamed incorrectly named consts (#371)
* added store env var (#370)
* adding ignore errors and retries for continue on error/fail on error (#368)
* updated/fixed hauler directory (#354)
* standardize consts (#353)
* removed cachedir code (#355)
* removed k3s code (#352)
* updated dependencies for go, helm, and k8s (#351)
* [feature] build with boring crypto where available (#344)
* updated workflow to goreleaser builds (#341)
* added timeout to goreleaser workflow (#340)
* trying new workflow build processes (#337)
* improved workflow performance (#336)
* have extract use proper ref (#335)
* yet another workflow goreleaser fix (#334)
* even more workflow fixes (#333)
* added more fixes to github workflow (#332)
* fixed typo in hauler store save (#331)
* updates to fix build processes (#330)
* added integration tests for non hauler tarballs (#325)
* bump: golang >= 1.23.1 (#328)
* add platform flag to store save (#329)
* Update feature_request.md
* updated/standardize command descriptions (#313)
* use new annotation for 'store save' manifest.json (#324)
* enable docker load for hauler tarballs (#320)
* bump to cosign v2.2.3-carbide.3 for new annotation (#322)
* continue on error when adding images to store (#317)
* Update README.md (#318)
* fixed completion commands (#312)
* github.com/rancherfederal/hauler => hauler.dev/go/hauler (#311)
* pages: enable go install hauler.dev/go/hauler (#310)
* Create CNAME
* pages: initial workflow (#309)
* testing and linting updates (#305)
* feat-273: TLS Flags (#303)
* added list-repos flag (#298)
* fixed hauler login typo (#299)
* updated cobra function for shell completion (#304)
* updated install.sh to remove github api (#293)
* fix image ref keys getting squashed when containing sigs/atts (#291)
* fix missing versin info in release build (#283)
* bump github.com/docker/docker in the go_modules group across 1 directory (#281)
* updated install script (`install.sh`) (#280)
* fix digest images being lost on load of hauls (Signed). (#259)
* feat: add readonly flag (#277)
* fixed makefile for goreleaser v2 changes (#278)
* updated goreleaser versioning defaults (#279)
* update feature_request.md (#274)
* updated old references
* updated actions workflow user
* added dockerhub to github actions workflow
* removed helm chart
* added debug container and workflow
* updated products flag description
* updated chart for release
* fixed workflow errors/warnings
* fixed permissions on testdata
* updated chart versions (will need to update again)
* last bit of fixes to workflow
* updated unit test workflow
* updated goreleaser deprecations
* added helm chart release job
* updated github template names
* updated imports (and go fmt)
* formatted gitignore to match dockerignore
* formatted all code (go fmt)
* updated chart tests for new features
* Adding the timeout flag for fileserver command
* Configure chart commands to use helm clients for OCI and private registry support
* Added some documentation text to sync command
* Bump golang.org/x/net from 0.17.0 to 0.23.0
* fix for dup digest smashing in cosign
* removed vagrant scripts
* last bit of updates and formatting of chart
* updated hauler testdata
* adding functionality and cleaning up
* added initial helm chart
* removed tag in release workflow
* updated/fixed image ref in release workflow
* updated/fixed platforms in release workflow
* updated/cleaned github actions (#222)
* Make Product Registry configurable (#194)
* updated fileserver directory name (#219)
* fix logging for files
* add extra info for the tempdir override flag
* tempdir override flag for load
* deprecate the cache flag instead of remove
* switch to using bci-golang as builder image
* fix: ensure /tmp for hauler store load
* added the copy back for now
* remove copy at the image sync not needed with cosign update
* removed misleading cache flag
* better logging when adding to store
* update to v2.2.3 of our cosign fork
* add: dockerignore
* add: Dockerfile
* Bump google.golang.org/protobuf from 1.31.0 to 1.33.0
* Bump github.com/docker/docker
* updated and added new logos
* updated github files
-------------------------------------------------------------------
Tue Apr 2 14:55:42 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 1.0.1:
* Fix --name option in "store add file" command
* Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2
* Exit with status code 1 if cosign is not configured
* fix exit code on error @amartin120
* add registry flag to cli for sync @amartin120
- update to 1.0.0:
* adding graphics @bgulla
* updated readme and removed roadmap @zackbradys
* updated/cleaned up install.sh @zackbradys
* remove deprecated commands @amartin120
* Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1
* bug-fix: handle complex file names @amartin120
* add login command @amartin120
* update to add size totals and cosign bits to the info
- update to 0.4.4:
* add annotations for registry @amartin120
* add annotations for key and platform @amartin120
* Flags passed from the CLI have a global effect on any image
UNLESS it has a (key/platform) specified on the individual
image. Individual image key/platform takes precedence.
* If you have `hauler.dev/key` and/or `hauler.dev/platform` at
the annotation level, it would work just like the CLI flag
and globally apply for everything except individual images
specifying otherwise. Just like above.
* If you just so happen to provide both an annotation AND the
CLI flag for the same thing, the CLI flag wins.
* As for the `hauler.dev/registry` annotation, it will apply
globally unless the provided image reference already has a
registry specified in its name.
- update to 0.4.3:
* dep bumps for security vuln fixes @amartin120
* check tag to determine pre-release @amartin120
* Update install.sh for file cleaning @clemenko
* add platform flag for image add and sync @amartin120
* bump cosign version to v2.2.2+carbide.2 @amartin120
* improve cosign setup @amartin120
* updated archive default name @zackbradys
* add license file @amartin120
* adjust to make registry and fileserver subcommands
* add fileserver option for `store serve` @amartin120
-------------------------------------------------------------------
Tue Apr 02 13:41:54 UTC 2024 - dmueller@suse.com
- Update to version 1.0.1:
* Fix --name option in "store add file" command
* Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2
* Exit with status code 1 if cosign is not configured
* reverting changes for logos (#189)
* adding graphics
* fix exit code on error
* add registry flag to cli for sync
* updated readme and removed roadmap
* updated/cleaned up install.sh
* remove deprecated commands
* Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1
* bug-fix: handle complex file names
* add login command
* update to add size totals and cosign bits to the info command
* switch the 'apply the registry override first in a image sync
* switch the 'not a multi-arch image' log message to be debug
* fix whitspace issue
* add better logging for save
* add annotations for registry
* add annotations for key and platform
* dep bumps for security vuln fixes
* check tag to determine pre-release
* Update install.sh
* Update install.sh for file cleaning
* clean up makefile
* remove extra debug statement
* another fix for the unit test gh action
* add platform flag for image add and sync
* adjust unit test gh action for latest updates
* bump cosign version to v2.2.2+carbide.2
* improve cosign setup
* updated archive default name
* add license file
* adjust to make registry and fileserver subcommands
* add fileserver option for `store serve`
* added homebrew install instructions
* updated hauler version and automated default version
-------------------------------------------------------------------
Mon Jan 22 12:19:32 UTC 2024 - Dirk Müller <dmueller@suse.com>
- Initial package (0.4.2)
